ACE Routed / One-ARM Design

Answered Question
Aug 5th, 2010

This question is on ACE 4710 design, specifically the NAT statement often used on the server VLAN interfaces. What is the maximum number of connections to a group of servers I can get when using only a single NAT address? Is it ~65000, i.e. the number of ephemeral ports available? Do I need to use multiple addresses if I expect more than 65000 connections on a VIP?

interface vlan x
  description server vlan
  ip address xx.xx.xx.20 255.255.255.224
  access-group input ACL1
  access-group output ACL1
  nat-pool 1 xx.xx.xx.1 xx.xx.xx.1 netmask 255.255.255.224 pat
  service-policy input remote-mgmt
  service-policy input CLIENT-VIPS
  no shutdown

Correct Answer by rocash about 6 years 5 months ago

The ACE provides 64 K minus 1 K ports for each IP address for PAT. Ports 0 through 1024 are reserved and cannot be used for PAT. Therefore a nat-pool with a single IP address will support ~63K simultaneous translations. See:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/nat.html

You can check the current port translations being performed by the ACE-4710 using the "show xlate" command, which is documented here:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_x/command/reference/execmds.html#wp1703221

Overall Rating: 5 (1 ratings)
rocash Thu, 08/05/2010 - 13:02

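A sizing sketch for the limit described in the answer, added here as an example and not taken from the thread or from Cisco documentation. It assumes each pool address offers ports 1025 through 65535 for PAT and that pool addresses sit in the server VLAN subnet as in the posted config; `plan_nat_pool` is a hypothetical helper and the 192.0.2.x addresses are constructed sample values.

```python
import ipaddress
import math

# From the answer above: ports 0-1024 are reserved, so each pool
# address has ports 1025-65535 available for PAT (assumption).
USABLE_PORTS_PER_IP = 65535 - 1024  # 64511

def plan_nat_pool(pool_id, first_ip, netmask, peak_conns, in_use=()):
    """Size a contiguous PAT pool for peak_conns simultaneous translations.

    first_ip : first address to place in the pool
    netmask  : mask of the server VLAN subnet
    in_use   : addresses already assigned (interface IP, VIPs, real servers)
    Returns (nat-pool config line, total translation capacity).
    """
    if peak_conns < 1:
        raise ValueError("peak_conns must be positive")
    net = ipaddress.ip_network(f"{first_ip}/{netmask}", strict=False)
    needed = math.ceil(peak_conns / USABLE_PORTS_PER_IP)
    start = ipaddress.ip_address(first_ip)
    pool = [start + i for i in range(needed)]
    taken = {ipaddress.ip_address(a) for a in in_use}
    for addr in pool:
        # Every pool address must be a usable host address in the subnet.
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address in {net}")
        # A pool address shared with an interface or server would conflict.
        if addr in taken:
            raise ValueError(f"{addr} is already assigned")
    line = f"nat-pool {pool_id} {pool[0]} {pool[-1]} netmask {netmask} pat"
    return line, needed * USABLE_PORTS_PER_IP

if __name__ == "__main__":
    # Constructed inputs: a /27 server VLAN whose interface address is .20.
    for conns in (60000, 200000):
        line, cap = plan_nat_pool(1, "192.0.2.1", "255.255.255.224",
                                  conns, in_use=["192.0.2.20"])
        print(f"{conns} connections -> {line}  (capacity {cap})")
```

Comparing the returned capacity with the translation count seen in "show xlate" during peak load shows how much headroom the pool has left.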
